- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 31394
- Проверка EDB
-
- Пройдено
- Автор
- FELIX
- Тип уязвимости
- DOS
- Платформа
- WINDOWS
- CVE
- cve-2008-0532
- Дата публикации
- 2008-03-12
Код:
source: https://www.securityfocus.com/bid/28222/info
Cisco User-Changeable Password (UCP) is prone to multiple remote vulnerabilities, including cross-site scripting and buffer-overflow vulnerabilities.
Exploiting the cross-site scripting issues may help the attacker steal cookie-based authentication credentials and launch other attacks. Exploiting the buffer-overflow vulnerabilities allows attackers to execute code in the context of the affected application, facilitating the remote compromise of affected computers.
The buffer-overflow issues are tracked by Cisco Bug ID CSCsl49180. The cross-site scripting issues are tracked by Cisco Bug ID CSCsl49205.
These issues affect versions prior to UCP 4.2 when running on Microsoft Windows.
http://www.example.com/securecgi-bin/CSUserCGI.exe?Logout+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBB.xyzab.c.hacker.- Источник
- www.exploit-db.com
